Category: Security

Jul 21 2015

4 men reportedly arrested in relation to JPMorgan Chase hack

According to The New York Times and Bloomberg News, four men in Florida and Israel have been arrested in relation to the 2014 hack against JPMorgan Chase, which resulted in gigabytes of bank data being exfiltrated. The news outlets, citing anonymous sources, did not fully explain how all the suspects were connected.

The United States Attorney in Manhattan announced that the two Florida men were arrested Tuesday, and were formally charged with operating an unlicensed Bitcoin exchange,

However, their criminal complaints make no mention of JPMorgan Chase. The two Israelis were named as Gery Shalon and Ziv Orenstein, and were arrested by authorities there. A fifth man, Joshua Samuel Aaron, an American living in Israel, is reportedly still at large.

Read 8 remaining paragraphs | Comments

Jul 21 2015

Researcher takes umbrage after finding his code in Hacking Team malware

A security researcher has taken umbrage at Italian malware developer Hacking Team after discovering that his open source exploit tools were included in Android surveillance software sold to governments around the world.

Collin Mulliner, well-known in security circles for exposing vulnerabilities in mobile devices, published a blog post Tuesday that attempts to set the record straight. To wit: his tools—which among other things surreptitiously capture conversations and other sounds within earshot of infected Android phones—were used without permission or notice by Hacking Team. He learned about the use only after the breach of Hacking Team computers, which resulted in a 400-gigabyte leak of confidential company documents, including these e-mails showing company engineers discussing Mulliner's tools.

In Tuesday's post, Mulliner wrote:

Read 1 remaining paragraphs | Comments

Jul 21 2015

Google Releases Security Update for Chrome

Original release date: July 21, 2015

Google has released Chrome version 44.0.2403.89 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Jul 21 2015

Bug in widely used OpenSSH opens servers to password cracking

A recently disclosed bug in OpenSSH software used to remotely access Internet-facing computers and servers allows attackers to make thousands of password guesses in a short period of time, a defect that could open systems to password cracking, a security researcher has warned.

Under normal circumstances, OpenSSH will allow just three or six login attempts before closing a connection, the researcher who goes by the moniker KingCope wrote in a blog post published last week. The recently discovered vulnerability, however, allows attackers to perform thousands of authentication requests during an open login window, which by default lasts two minutes. As a result, attackers who cycle through the most commonly used passwords face much better odds of finding the right one, since the vulnerability allows them to try many more candidates than they otherwise would.

KingCope wrote:

Read 5 remaining paragraphs | Comments